ge0rg3 / stegonline Goto Github PK
View Code? Open in Web Editor NEWA web-based, accessible and open-source port of StegSolve.
Home Page: https://georgeom.net/StegOnline/
License: Do What The F*ck You Want To Public License
stegonline's People
Contributors
![dependabot[bot] avatar](https://avatars.githubusercontent.com/in/29110?v=4 "dependabot[bot]")
Stargazers
Watchers
Forkers
markcumminsirl hellokitty404 virendersinghrathore modulexcite nutc4k3 rikochet haupc keerthana-rav l4wky ctf-competition-tools lorhua fulanah-binti-fulanah brossetti1 ratel-bryan lztcode 2337761309 joe985-collab ritikshb bornunique911 pratigyas457 dangetiarunakumari kunkun-tx ccf0515 sysfox em472020 yuzuki616 brunoblaise marahann aleff-github kartikeychoudhary 5l1v3r1 kkpan11 pulipati alby-shinoj anonymouspurplepotato anant2961 rzlamrr falico vaginessa dor-sketchstegonline's Issues
add Channel pixel order
Let's assume that we want to encode 24 bits of data in a 2x2 image.
For now, 2 options are available in the Pixel Ordel list:
Column
Altered bits (using a fictive 4 bits per channel image format, for readability):
r g b r g b
╔═══╦═══╦═══╗ ╔═══╦═══╦═══╗
║ X ║ X ║ X ║ ║ ║ ║ ║
╠═══╬═══╬═══╣ ╠═══╬═══╬═══╣
║ X ║ X ║ X ║ ║ ║ ║ ║
╠═══╬═══╬═══╣ ╠═══╬═══╬═══╣
║ X ║ X ║ X ║ ║ ║ ║ ║
╠═══╬═══╬═══╣ ╠═══╬═══╬═══╣
║ X ║ X ║ X ║ ║ ║ ║ ║
╚═══╩═══╩═══╝ ╚═══╩═══╩═══╝
╔═══╦═══╦═══╗ ╔═══╦═══╦═══╗
║ X ║ X ║ X ║ ║ ║ ║ ║
╠═══╬═══╬═══╣ ╠═══╬═══╬═══╣
║ X ║ X ║ X ║ ║ ║ ║ ║
╠═══╬═══╬═══╣ ╠═══╬═══╬═══╣
║ X ║ X ║ X ║ ║ ║ ║ ║
╠═══╬═══╬═══╣ ╠═══╬═══╬═══╣
║ X ║ X ║ X ║ ║ ║ ║ ║
╚═══╩═══╩═══╝ ╚═══╩═══╩═══╝
Result on an actual image (200x163 image, 73kb of data):
Row
Altered bits:
r g b r g b
╔═══╦═══╦═══╗ ╔═══╦═══╦═══╗
║ X ║ X ║ X ║ ║ X ║ X ║ X ║
╠═══╬═══╬═══╣ ╠═══╬═══╬═══╣
║ X ║ X ║ X ║ ║ X ║ X ║ X ║
╠═══╬═══╬═══╣ ╠═══╬═══╬═══╣
║ X ║ X ║ X ║ ║ X ║ X ║ X ║
╠═══╬═══╬═══╣ ╠═══╬═══╬═══╣
║ X ║ X ║ X ║ ║ X ║ X ║ X ║
╚═══╩═══╩═══╝ ╚═══╩═══╩═══╝
╔═══╦═══╦═══╗ ╔═══╦═══╦═══╗
║ ║ ║ ║ ║ ║ ║ ║
╠═══╬═══╬═══╣ ╠═══╬═══╬═══╣
║ ║ ║ ║ ║ ║ ║ ║
╠═══╬═══╬═══╣ ╠═══╬═══╬═══╣
║ ║ ║ ║ ║ ║ ║ ║
╠═══╬═══╬═══╣ ╠═══╬═══╬═══╣
║ ║ ║ ║ ║ ║ ║ ║
╚═══╩═══╩═══╝ ╚═══╩═══╩═══╝
Result:
Channel
And here is my proposal: iterating over channels instead rows or columns:
Altered bits:
r g b r g b
╔═══╦═══╦═══╗ ╔═══╦═══╦═══╗
║ X ║ X ║ X ║ ║ X ║ X ║ X ║
╠═══╬═══╬═══╣ ╠═══╬═══╬═══╣
║ X ║ X ║ X ║ ║ X ║ X ║ X ║
╠═══╬═══╬═══╣ ╠═══╬═══╬═══╣
║ ║ ║ ║ ║ ║ ║ ║
╠═══╬═══╬═══╣ ╠═══╬═══╬═══╣
║ ║ ║ ║ ║ ║ ║ ║
╚═══╩═══╩═══╝ ╚═══╩═══╩═══╝
╔═══╦═══╦═══╗ ╔═══╦═══╦═══╗
║ X ║ X ║ X ║ ║ X ║ X ║ X ║
╠═══╬═══╬═══╣ ╠═══╬═══╬═══╣
║ X ║ X ║ X ║ ║ X ║ X ║ X ║
╠═══╬═══╬═══╣ ╠═══╬═══╬═══╣
║ ║ ║ ║ ║ ║ ║ ║
╠═══╬═══╬═══╣ ╠═══╬═══╬═══╣
║ ║ ║ ║ ║ ║ ║ ║
╚═══╩═══╩═══╝ ╚═══╩═══╩═══╝
Result:
This is an interesting feature as it better hides the data in the image (since it avoids to visually see the difference between untouched an altered areas), and improve global image quality.
PNGs created by tool cannot be opened again
when embedding a text into image "b" and then embedding image "b" into image "a" there's following problem:
image "b" can be extracted without any problem.
image "b" will be saved as "PNG".
but then image "b" can't be open again via "upload" freezes with "loading b..."
a bit strange: as workaround it can be renamed to "JPG", then it opens again and the text can also be extracted.....
PNG Images not loading
Several PNG images that I have tried to upload to view their bit planes at https://georgeom.net/StegOnline/upload are stuck loading. I have tried using different computers and different browsers to no avail.
Help would be appreciated. Thank you.
tiff images fail to load
Despite being allowed by the uploader, images with the mime type image/tiff fail to load. There is no discernable error shown, or logged to the console. After starting upload, site reports "Loading filename.tiff..." indefinitely.
Sample Image
I ran into this stego at Defcon BioHacking Village CTF. I wasn't able to solve it on https://stegonline.georgeom.net/, but was able to on https://www.beautifyconverter.com/steganographic-decoder.php. Unfortunately, the site doesn't say how it extracts the message. I figured I'd leave it here in case you wanted to examine and add to the site features, which are awesome (thank you). Would be interested to know how it works.
Issue with Content Security Policy
Hi and thanks a lot for StegOnline!
Uploading images doesn't seem to work anymore.
With Chromium (Version 125.0.6422.141 (Official Build) Arch Linux (64-bit)):
Error with Permissions-Policy header: Origin trial controlled feature not enabled: 'run-ad-auction'.
Error with Permissions-Policy header: Origin trial controlled feature not enabled: 'join-ad-interest-group'.
Error with Permissions-Policy header: Origin trial controlled feature not enabled: 'browsing-topics'.
upload:15
GET https://static.cloudflareinsights.com/beacon.min.js/vef91dfe02fce4ee0ad053f6de4f175db1715022073587 net::ERR_BLOCKED_BY_CLIENT
upload:15 Refused to execute inline event handler because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-eval' https://static.cloudflareinsights.com". Either the 'unsafe-inline' keyword, a hash ('sha256-...'), or a nonce ('nonce-...') is required to enable inline execution. Note that hashes do not apply to event handlers, style attributes and javascript: navigations unless the 'unsafe-hashes' keyword is present.
With Firefox 126.0.1-1:
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://static.cloudflareinsights.com/beacon.min.js/vef91dfe02fce4ee0ad053f6de4f175db1715022073587. (Reason: CORS request did not succeed). Status code: (null).
None of the “sha512” hashes in the integrity attribute match the content of the subresource. The computed hash is “z4PhNX7vuL3xVChQ1m2AB9Yg5AULVxXcg/SpIdNs6c5H0NE8XYXysP+DGNKHfuwvY7kxvUdBeoGlODJ6+SfaPg==”. StegOnline
Content-Security-Policy: The page’s settings blocked the loading of a resource (media-src) at data: because it violates the following directive: “default-src 'none'” StegOnline
Content-Security-Policy: The page’s settings blocked an inline script (script-src-elem) from being executed because it violates the following directive: “script-src 'self' 'unsafe-eval' https://static.cloudflareinsights.com” utils.js:42:10
Content-Security-Policy: The page’s settings blocked an event handler (script-src-attr) from being executed because it violates the following directive: “script-src 'self' 'unsafe-eval' https://static.cloudflareinsights.com” main.8bb952858e81895e632c.js:1:769340
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://static.cloudflareinsights.com/beacon.min.js/vef91dfe02fce4ee0ad053f6de4f175db1715022073587. (Reason: CORS request did not succeed). Status code: (null).
None of the “sha512” hashes in the integrity attribute match the content of the subresource. The computed hash is “z4PhNX7vuL3xVChQ1m2AB9Yg5AULVxXcg/SpIdNs6c5H0NE8XYXysP+DGNKHfuwvY7kxvUdBeoGlODJ6+SfaPg==”. upload
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.